Legal claims defining the scope of protection, as filed with the USPTO.
1. A method to perform a cryptographic operation that comprises a number theoretic transformation (NTT) of a first vector to a second vector, the method comprising: obtaining, by a processing device, components of the first vector; obtaining, by the processing device, one or more random numbers; performing, by the processing device, a plurality of iterations, wherein each of the plurality of iterations comprises: determining a plurality of output values, wherein each of the plurality of output values is a linear combination of two or more input values;, wherein (1) the input values into a first iteration of the plurality of iterations are the components of the first vector, (2) the input values into each subsequent iteration of the plurality of iterations are the output values of a previous iteration of the plurality of iterations, (3) the output values of the last of the plurality of iterations are representative of components of the second vector, and wherein one or more of the output values of a first randomized iteration of the plurality of iterations are randomized using a first randomization operation that comprises multiplying at least one input value into the first randomized iteration by a first random number of the one or more random numbers; and determining, by the processing device, based on the output values of the last of the plurality of iterations, the components of the second vector.
2. The method of claim 1, further comprising: performing a plurality of adjustment operations, wherein each of the plurality of adjustment operations is to adjust a respective output value of the last of the plurality of iterations to compensate for the first randomization operation and to make the output values of the last of the plurality of iterations equal to the components of the second vector.
3. The method of claim 1, further comprising: performing a plurality of adjustment operations, wherein each of the plurality of adjustment operations is to adjust a value of a respective component of the first vector to compensate for the first randomization operation and to make the output values of the last of the plurality of iterations equal to the components of the second vector.
4. The method of claim 1, wherein a number of iterations of the plurality of iterations is equal to a logarithm of a number of components of the first vector to base two, and wherein the number of components of the first vector is equal to a number of components of the second vector.
5. The method of claim 1, wherein each of the plurality of iterations comprises a plurality of parallel instances of Cooley-Tukey butterfly transformations or a plurality of parallel instances of Gentleman-Sande butterfly transformations.
6. The method of claim 1, wherein the first randomization operation further comprises multiplying the at least one input value into the first randomized iteration by a first root of unity.
7. The method of claim 6, wherein one or more of the output values of a second randomized iteration of the plurality of iterations are randomized using a second randomization operation that comprises multiplying at least one input value into the second randomized iteration by a second random number of the one or more random numbers and by a second number that is a second root of unity.
8. The method of claim 1, wherein the first random number is a first root of unity, randomly selected from a plurality of roots of unity of order N or from a plurality of roots of unity of order 2N, wherein N is a number of the components of the first vector.
9. The method of claim 1, wherein each of the output values of each of the plurality of iterations is determined based on two output values of the previous iteration.
10. A non-transitory computer-readable medium storing instruction thereon, wherein the instructions, when executed by a processing device performing a cryptographic operation that comprises a number theoretic transformation (NTT) of a first vector to a second vector, cause the processing device to: obtain components of the first vector; obtain one or more random numbers; perform a plurality of iterations, wherein in each of the plurality of iterations the processing device is to: determine a plurality of output values, wherein each of the plurality of output values is a linear combination of two or more input values;, wherein (1) the input values into a first iteration of the plurality of iterations are the components of the first vector, (2) the input values into each subsequent iteration of the plurality of iterations are the output values of a previous iteration of the plurality of iterations, (3) the output values of the last of the plurality of iterations are representative of components of the second vector, and wherein one or more of the output values of a first randomized iteration of the plurality of iterations are randomized using a first randomization operation that comprises multiplying at least one input value into the first randomized iteration by a first random number of the one or more random numbers; and determine, based on the output values of the last of the plurality of iterations, the components of the second vector.
11. The computer-readable medium of claim 10, wherein the instructions are further to cause the processing device to: perform a plurality of adjustment operations, wherein each of the plurality of adjustment operations is to adjust a respective output value of the last of the plurality of iterations to compensate for the first randomization operation and to make the output values of the last of the plurality of iterations equal to the components of the second vector.
12. The computer-readable medium of claim 10, wherein the instructions are further to cause the processing device to: perform a plurality of adjustment operations, wherein each of the plurality of adjustment operations is to adjust a value of a respective component of the first vector to compensate for the first randomization operation and to make the output values of the last of the plurality of iterations equal to the components of the second vector.
13. The computer-readable medium of claim 10, wherein a number of iterations of the plurality of iterations is equal to a logarithm of a number of components of the first vector to base two, and wherein the number of components of the first vector is equal to a number of components of the second vector.
14. The computer-readable medium of claim 10, wherein each of the plurality of iterations comprises a plurality of parallel instances of Cooley-Tukey butterfly transformations or a plurality of parallel instances of Gentleman-Sande butterfly transformations.
15. The computer-readable medium of claim 10, wherein the first randomization operation further comprises multiplying the at least one input value into the first randomized iteration by a first root of unity.
16. The computer-readable medium of claim 15, wherein one or more of the output values of a second randomized iteration of the plurality of iterations are randomized using a second randomization operation that comprises multiplying at least one input value into the second randomized iteration by a second random number of the one or more random numbers and by a second number that is a second root of unity.
17. The computer-readable medium of claim 10, wherein the first random number is a first root of unity, randomly selected from a plurality of roots of unity of order N or from a plurality of roots of unity of order 2N, wherein Nis a number of the components of the first vector.
18. The computer-readable medium of claim 10, wherein each of the output values of each of the plurality of iterations is determined based on two output values of the previous iteration.
19. A system to perform a cryptographic operation that comprises a number theoretic transformation (NTT) of a first vector to a second vector, the system comprising: a memory device to store a first vector and a second vector; and a processing device coupled to the memory device, the processing device to: obtain components of the first vector; obtain one or more random numbers; perform a plurality of iterations, wherein in each of the plurality of iterations the processing device is to: determine a plurality of output values, wherein each of the plurality of output values is a linear combination of two or more input values;, wherein (1) the input values into a first iteration of the plurality of iterations are the components of the first vector, (2) the input values into each subsequent iteration of the plurality of iterations are the output values of a previous iteration of the plurality of iterations, (3) the output values of the last of the plurality of iterations are representative of components of the second vector, and wherein one or more of the output values of a first randomized iteration of the plurality of iterations are randomized using a first randomization operation that comprises multiplying at least one input value into the first randomized iteration by a first random number of the one or more random numbers; and determine, based on the output values of the last of the plurality of iterations, the components of the second vector.
20. The system of claim 19, wherein the processing device is further to: perform a plurality of adjustment operations, wherein each of the plurality of adjustment operations is to adjust a respective output value of the last of the plurality of iterations to compensate for the first randomization operation and to make the output values of the last of the plurality of iterations equal to the components of the second vector.
Unknown
June 17, 2025
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.